The tough reality is that attackers usually move faster than we do.
In 2020, government agencies have been forced to adapt to an unprecedented global pandemic, shifting rapidly from a largely office-based workforce to a remote one. For this to happen, government employees had to configure their own home networks and devices, while IT had to secure a wide range of operating systems and equipment. Recent months saw the government abandon a security approach decades in the making that focused on protecting the perimeter.
By scaling virtual private networks and moving data into software-as-a-service applications, agencies have been able to more or less maintain continuity of operations despite the ongoing pandemic. That’s the good news. But while government IT pros deserve immense credit for the recent transition, the tough reality is that attackers usually move faster than we do. Remote work has relied on tremendous trust in basic networking and cloud services, which has likely created vulnerabilities we simply haven’t identified yet.
Government IT pros must keep their eyes open for the yet-to-be-seen impact of the pandemic on data security in 2021 and beyond. Data visibility and the management of data protection should be top of mind, particularly as IT priorities are being outlined for the new year.
Agencies Don’t Know What They Don’t Know
There’s a good chance remote work will continue into 2021. Therefore, 2021 must be the year of working securely, regardless of location or task at hand. The fact that agencies successfully shifted to remote work so quickly may mean that the old-school perimeter approach remains a relic of the past. But that doesn’t mean security practices have kept up with the remote work transition.
Government IT pros have been so focused on business continuity that the expanding attack surface was a distant secondary priority for some. There’s a very real chance that malicious actors, from nation-states to organized criminal groups, have already infiltrated government networks, because IT had their attention elsewhere or because policies weren’t consistently applied and enforced as new clouds and SaaS applications were spun up.
Heading in 2021, government agencies need to move at the same speed, if not faster, as adversaries in order to get their security back up to par—and that must include data loss prevention. More specifically, agencies need to move urgently in the direction of user activity monitoring in order to know exactly how users are interacting with government data.
Protecting Agency Data in a Remote World
User activity monitoring relies on analytics to understand data access patterns. By continuously monitoring users, government agencies will be better able to identify malicious users and compromised accounts. Behavioral analytics and indicators of behavior focus on events and how users interact with data. This makes it possible to understand data usage in context and to apply data loss prevention policies adaptively.
Machine learning and analytics can help agencies understand data movement in real time: If someone is hoarding data or logging in from multiple time zones in one day, those activities need to be flagged and responded to quickly. Widening the range of data sources helps augment the user activity monitoring analytics, and this automation is what helps agencies act more swiftly. Considering the extent to which the pandemic has expanded the attack surface, monitoring could become non-negotiable.
In order to implement user activity monitoring, though, agencies must communicate proactively with employees, reassuring them that systems aren’t tracking their productivity or looking over their shoulders. Instead, monitoring is for the security of the individual, agency and country. When these technologies are rolled out, communication and assurance with regard to privacy are crucial to getting employee buy-in, especially in a distributed work environment. Without real-time visibility into how employees are interacting with data, agencies cannot work flexibly and operate securely.
The Bottom Line
Data loss can be tremendously damaging to agencies. We must know where our data is on a minute-by-minute basis and that can only happen through combined data discovery and behavioral analytics. As government IT pros prepare for the new year, they must revisit their policies and processes, including their security posture and risk appetite. Just because an incident hasn’t happened yet doesn’t mean accounts aren’t already compromised. This is not meant to instill fear, but a sense of urgency. In 2021 and beyond, cloud-native solutions that offer a deep understanding of user behavior must become the new normal.
Nicolas Fischbach is the global chief technology officer for Forcepoint.